[thirdparty/openssl.git] / doc / man1 / openssl-ecparam.pod.in

=pod
{- OpenSSL::safe::output_do_not_edit_headers(); -}

=head1 NAME

openssl-ecparam - EC parameter manipulation and generation

=head1 SYNOPSIS

B<openssl ecparam>
[B<-help>]
[B<-inform> B<DER>|B<PEM>]
[B<-outform> B<DER>|B<PEM>]
[B<-in> I<filename>]
[B<-out> I<filename>]
[B<-noout>]
[B<-text>]
[B<-C>]
[B<-check>]
[B<-check_named>]
[B<-name> I<arg>]
[B<-list_curves>]
[B<-conv_form> I<arg>]
[B<-param_enc> I<arg>]
[B<-no_seed>]
[B<-genkey>]
{- $OpenSSL::safe::opt_engine_synopsis -}
{- $OpenSSL::safe::opt_r_synopsis -}
{- $OpenSSL::safe::opt_provider_synopsis -}

=for openssl ifdef engine

=head1 DESCRIPTION

This command has been deprecated.
The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands
should be used instead.

This command is used to manipulate or generate EC parameter files.

OpenSSL is currently not able to generate new groups and therefore
this command can only create EC parameters from known (named) curves.

=head1 OPTIONS

=over 4

=item B<-help>

Print out a usage message.

=item B<-inform> B<DER>|B<PEM>, B<-outform> B<DER>|B<PEM>

The input and formats; the default is B<PEM>.
See L<openssl(1)/Format Options> for details.

Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279.

=item B<-in> I<filename>

This specifies the input filename to read parameters from or standard input if
this option is not specified.

=item B<-out> I<filename>

This specifies the output filename parameters to. Standard output is used
if this option is not present. The output filename should B<not> be the same
as the input filename.

=item B<-noout>

This option inhibits the output of the encoded version of the parameters.

=item B<-text>

This option prints out the EC parameters in human readable form.

=item B<-C>

This option converts the EC parameters into C code. The parameters can then
be loaded by calling the get_ec_group_XXX() function.

=item B<-check>

Validate the elliptic curve parameters.

=item B<-check_named>

Validate the elliptic name curve parameters by checking if the curve parameters
match any built-in curves.

=item B<-name> I<arg>

Use the EC parameters with the specified 'short' name. Use B<-list_curves>
to get a list of all currently implemented EC parameters.

=item B<-list_curves>

Print out a list of all currently implemented EC parameters names and exit.

=item B<-conv_form> I<arg>

This specifies how the points on the elliptic curve are converted
into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
default value) and B<hybrid>. For more information regarding
the point conversion forms please read the X9.62 standard.
B<Note> Due to patent issues the B<compressed> option is disabled
by default for binary curves and can be enabled by defining
the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.

=item B<-param_enc> I<arg>

This specifies how the elliptic curve parameters are encoded.
Possible value are: B<named_curve>, i.e. the ec parameters are
specified by an OID, or B<explicit> where the ec parameters are
explicitly given (see RFC 3279 for the definition of the
EC parameters structures). The default value is B<named_curve>.
B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
is currently not implemented in OpenSSL.

=item B<-no_seed>

This option inhibits that the 'seed' for the parameter generation
is included in the ECParameters structure (see RFC 3279).

=item B<-genkey>

This option will generate an EC private key using the specified parameters.

{- $OpenSSL::safe::opt_engine_item -}

{- $OpenSSL::safe::opt_r_item -}

{- $OpenSSL::safe::opt_provider_item -}

=back

=head1 EXAMPLES

Examples equivalent to these can be found in the documentation for the
non-deprecated L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands.

To create EC parameters with the group 'prime192v1':

  openssl ecparam -out ec_param.pem -name prime192v1

To create EC parameters with explicit parameters:

  openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit

To validate given EC parameters:

  openssl ecparam -in ec_param.pem -check

To create EC parameters and a private key:

  openssl ecparam -out ec_key.pem -name prime192v1 -genkey

To change the point encoding to 'compressed':

  openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed

To print out the EC parameters to standard output:

  openssl ecparam -in ec_param.pem -noout -text

=head1 SEE ALSO

L<openssl(1)>,
L<openssl-pkeyparam(1)>,
L<openssl-genpkey(1)>,
L<openssl-ec(1)>,
L<openssl-dsaparam(1)>

=head1 HISTORY

This command was deprecated in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
2c789c82	1	=pod
625c781d	2	{- OpenSSL::safe::output_do_not_edit_headers(); -}
9fcb9702	3
2c789c82 BM	4	=head1 NAME
2c789c82 BM	5
b6b66573	6	openssl-ecparam - EC parameter manipulation and generation
2c789c82 BM	7
	8	=head1 SYNOPSIS
	9
	10	B<openssl ecparam>
169394d4	11	[B<-help>]
e8769719 RS	12	[B<-inform> B<DER>\|B<PEM>]
	13	[B<-outform> B<DER>\|B<PEM>]
	14	[B<-in> I<filename>]
	15	[B<-out> I<filename>]
2c789c82 BM	16	[B<-noout>]
	17	[B<-text>]
	18	[B<-C>]
	19	[B<-check>]
ac2b52c6	20	[B<-check_named>]
e8769719	21	[B<-name> I<arg>]
fc1d88f0	22	[B<-list_curves>]
e8769719 RS	23	[B<-conv_form> I<arg>]
e8769719 RS	24	[B<-param_enc> I<arg>]
2c789c82	25	[B<-no_seed>]
2c789c82	26	[B<-genkey>]
018aaeb4	27	{- $OpenSSL::safe::opt_engine_synopsis -}
9fcb9702	28	{- $OpenSSL::safe::opt_r_synopsis -}
6bd4e3f2	29	{- $OpenSSL::safe::opt_provider_synopsis -}
2c789c82	30
9f3c076b	31	=for openssl ifdef engine
1738c0ce	32
2c789c82 BM	33	=head1 DESCRIPTION
2c789c82 BM	34
d1eec097 P	35	This command has been deprecated.
	36	The L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands
	37	should be used instead.
	38
2c789c82 BM	39	This command is used to manipulate or generate EC parameter files.
2c789c82 BM	40
777182a0 RS	41	OpenSSL is currently not able to generate new groups and therefore
	42	this command can only create EC parameters from known (named) curves.
	43
2c789c82 BM	44	=head1 OPTIONS
	45
	46	=over 4
	47
169394d4 MR	48	=item B<-help>
	49
	50	Print out a usage message.
	51
777182a0	52	=item B<-inform> B<DER>\|B<PEM>, B<-outform> B<DER>\|B<PEM>
2c789c82	53
777182a0 RS	54	The input and formats; the default is B<PEM>.
777182a0 RS	55	See L<openssl(1)/Format Options> for details.
2c789c82	56
777182a0	57	Parameters are encoded as B<EcpkParameters> as specified in IETF RFC 3279.
2c789c82	58
e8769719	59	=item B<-in> I<filename>
2c789c82 BM	60
	61	This specifies the input filename to read parameters from or standard input if
	62	this option is not specified.
	63
e8769719	64	=item B<-out> I<filename>
2c789c82 BM	65
	66	This specifies the output filename parameters to. Standard output is used
	67	if this option is not present. The output filename should B<not> be the same
	68	as the input filename.
	69
	70	=item B<-noout>
	71
	72	This option inhibits the output of the encoded version of the parameters.
	73
	74	=item B<-text>
	75
	76	This option prints out the EC parameters in human readable form.
	77
	78	=item B<-C>
	79
	80	This option converts the EC parameters into C code. The parameters can then
35cb565a	81	be loaded by calling the get_ec_group_XXX() function.
2c789c82 BM	82
	83	=item B<-check>
	84
	85	Validate the elliptic curve parameters.
	86
ac2b52c6 NT	87	=item B<-check_named>
	88
	89	Validate the elliptic name curve parameters by checking if the curve parameters
37f03b98	90	match any built-in curves.
ac2b52c6	91
e8769719	92	=item B<-name> I<arg>
2c789c82 BM	93
	94	Use the EC parameters with the specified 'short' name. Use B<-list_curves>
	95	to get a list of all currently implemented EC parameters.
	96
	97	=item B<-list_curves>
	98
35a810bb	99	Print out a list of all currently implemented EC parameters names and exit.
2c789c82	100
2f0ea936	101	=item B<-conv_form> I<arg>
2c789c82 BM	102
2c789c82 BM	103	This specifies how the points on the elliptic curve are converted
ab0a3914 MC	104	into octet strings. Possible values are: B<compressed>, B<uncompressed> (the
ab0a3914 MC	105	default value) and B<hybrid>. For more information regarding
2c789c82 BM	106	the point conversion forms please read the X9.62 standard.
	107	B<Note> Due to patent issues the B<compressed> option is disabled
	108	by default for binary curves and can be enabled by defining
	109	the preprocessor macro B<OPENSSL_EC_BIN_PT_COMP> at compile time.
	110
e8769719	111	=item B<-param_enc> I<arg>
2c789c82 BM	112
	113	This specifies how the elliptic curve parameters are encoded.
	114	Possible value are: B<named_curve>, i.e. the ec parameters are
35ed393e	115	specified by an OID, or B<explicit> where the ec parameters are
1bc74519	116	explicitly given (see RFC 3279 for the definition of the
2c789c82	117	EC parameters structures). The default value is B<named_curve>.
aebb9aac	118	B<Note> the B<implicitlyCA> alternative, as specified in RFC 3279,
2c789c82 BM	119	is currently not implemented in OpenSSL.
	120
	121	=item B<-no_seed>
	122
	123	This option inhibits that the 'seed' for the parameter generation
	124	is included in the ECParameters structure (see RFC 3279).
	125
	126	=item B<-genkey>
	127
35ed393e	128	This option will generate an EC private key using the specified parameters.
2c789c82	129
018aaeb4	130	{- $OpenSSL::safe::opt_engine_item -}
2c789c82	131
9fcb9702 RS	132	{- $OpenSSL::safe::opt_r_item -}
9fcb9702 RS	133
6bd4e3f2 P	134	{- $OpenSSL::safe::opt_provider_item -}
6bd4e3f2 P	135
2c789c82 BM	136	=back
2c789c82 BM	137
2c789c82 BM	138	=head1 EXAMPLES
2c789c82 BM	139
35eb4588 P	140	Examples equivalent to these can be found in the documentation for the
	141	non-deprecated L<openssl-genpkey(1)> and L<openssl-pkeyparam(1)> commands.
	142
2c789c82 BM	143	To create EC parameters with the group 'prime192v1':
2c789c82 BM	144
627bd670	145	openssl ecparam -out ec_param.pem -name prime192v1
2c789c82 BM	146
	147	To create EC parameters with explicit parameters:
	148
627bd670	149	openssl ecparam -out ec_param.pem -name prime192v1 -param_enc explicit
2c789c82 BM	150
	151	To validate given EC parameters:
	152
627bd670	153	openssl ecparam -in ec_param.pem -check
2c789c82 BM	154
	155	To create EC parameters and a private key:
	156
627bd670	157	openssl ecparam -out ec_key.pem -name prime192v1 -genkey
2c789c82 BM	158
	159	To change the point encoding to 'compressed':
	160
627bd670	161	openssl ecparam -in ec_in.pem -out ec_out.pem -conv_form compressed
2c789c82 BM	162
	163	To print out the EC parameters to standard output:
	164
627bd670	165	openssl ecparam -in ec_param.pem -noout -text
2c789c82 BM	166
	167	=head1 SEE ALSO
	168
b6b66573	169	L<openssl(1)>,
d1eec097 P	170	L<openssl-pkeyparam(1)>,
d1eec097 P	171	L<openssl-genpkey(1)>,
b6b66573 DMSP	172	L<openssl-ec(1)>,
b6b66573 DMSP	173	L<openssl-dsaparam(1)>
2c789c82	174
d1eec097 P	175	=head1 HISTORY
	176
	177	This command was deprecated in OpenSSL 3.0.
	178
e2f92610 RS	179	=head1 COPYRIGHT
e2f92610 RS	180
d1eec097	181	Copyright 2003-2020 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	182
449040b4	183	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	184	this file except in compliance with the License. You can obtain a copy
	185	in the file LICENSE in the source distribution or at
	186	L<https://www.openssl.org/source/license.html>.
	187
	188	=cut